Accessibility Skip to content

Plantronics Hub - Privilege Defined With Unsafe Actions

Vulnerability Summary

A local privilege-escalation vulnerability exists in the Plantronics Hub for Windows client application. A local attacker can exploit this vulnerability to gain elevated privileges.  

 

Details

CVE 2019-15742
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.

Published

Last Update: 3/7/2022
Initial Public Release: 8/30/2019
Advisory ID:  PLYAP19-08

CVE ID: CVE-2019-15742
CVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product Affected
PRODUCTS FIRMWARE FIX
Plantronics Hub Desktop Application (Windows)

Prior to 3.14

Update Plantronics Hub for Windows version 3.14 or later
Solution

Poly recommends customers upgrade to firmware build 3.14 or later. 

 

Workaround

There is no workaround.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support(888) 248-4143, (916) 928-7561, or visit the Poly Support Site.

 

RECOGNITION

Poly would like to thank Markus Krell from NTT Ltd. for reporting security vulnerabilities to us and for their coordinated disclosure.

Revision History
VERSION DATE DESCRIPTION
1.0 8/30/2019 Initial Release
2.0 3/7/2022 Format Changes